All sub-classes are required to provide an implementation of this method, using the HttpServerExchange for the current request return the address to use for a redirect should confidentiality be required and the request not be confidential.

isConfidential

Use the HttpServerExchange supplied to check if this request is already 'sufficiently' confidential. Here we say 'sufficiently' as sub-classes can override this and maybe even go so far as querying the actual SSLSession.

confidentialityRequired

Use the HttpServerExchange to identify if confidentiality is required. This method currently returns true for all requests, sub-classes can override this to provide a custom check. TODO: we should deprecate this and just use a predicate to decide to execute the handler instead

getRedirectURI

All sub-classes are required to provide an implementation of this method, using the HttpServerExchange for the current request return the address to use for a redirect should confidentiality be required and the request not be confidential.